The exchange of information that may identify and/or validate a user's approval of a transaction, for example, a digital signature, a credit card number, etc., is an important aspect of commercial transactions. Contract signing is one important operation in commercial transactions wherein the signatures of a buyer and seller on a single textual document obligate each party to fulfill the terms of the contract.
With the significant increase in electronic transactions occurring over networks such as the Internet or World Wide Web (WWW), where parties do not necessarily trust one another, there is need for establishing the validity of the identity of the parties entering and authorizing an electronic transaction. Digital signatures have emerged as the leading mechanism for such validation. However, the mere exchange of digital signatures may render a significant advantage to one party at the expense of the other party.
Considerable efforts have been devoted to develop protocols that mimic the features of “paper contract signing,” particularly the “fairness” aspect. As is recognized in the art, current contract signing protocol, or more generally, an exchange of digital signatures, is fair if at the end of protocol, either both parties have valid signatures or neither does. Early work on fair exchange of digital signatures or secrets that hid digital signatures has focused on the gradual release of a portion of “key” information that allows both parties to substantially concurrently decode the other's signature or secret information. See for example, “Practical and Provably Secure Release of a Secret and Exchange of Signatures,” I. B. Damgard, Journal of Cryptology, 8(4) pp 201-222, Autumn 1995, which disclosed that if each party alternately releases a small portion of the secret information, then neither party has a considerable advantage over the other party. However, the method disclosed has drawbacks in real situations. One problem is that of an uncertain termination. In this case, if one party fails to receive information from the other party, the receiving party will not be certain whether there was a failure in the network or the transmitting party has decided not to continue in the transaction. Another problem is that one party may obtain an advantage over the other party by deriving the other party's secret information using significantly more computing power.
These problems have been investigated and reported in “Timed Commitments (extended abstract),” D. Boneh and M. Naor, Advances in Cryptology—CRYPTO '00, volume 1880 of Lecture Notes in Computer Science, pp. 236-254, Springer-Verlag, 2000. To overcome the problems noted, an elegant “timing” mechanism based on modular exponentiation, an operation which is believed not well suited to being solved by using multiple computers operating in parallel, i.e., parallelization or parallelized processing, was proposed. Using this proposed mechanism, a variety of timed primitives, including timed commitment, timed signature and timed contract signing, are shown to fairly exchange Rabin and RSA signatures having a modulus that is a Blum integer, i.e., a special type of modulus that fits the time structure. As would be known to those skilled in the art, Rabin and RSA are methods of signing information using public and private keys.
However, this method is limited to special kind of signatures, i.e., Rabin and RSA signatures with a modulus that is a Blum integer. Accordingly, there is a need for a method and system that allows for a fair exchange of digital signatures without the restriction above, and which further allows both parties to reconstruct the other's information substantially concurrently in case of a break in communication.